Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-38863: my_iot_vul/COMFAST/CF-XR11/Command_Inject4 at main · TTY-flag/my_iot_vul

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.

CVE
Open in Source
#vulnerability#web#mac#git
CVE-2023-38840: Erase Master Password in memory after login · Issue #476 · bitwarden/desktop

Bitwarden Windows Desktop v2023.5.1 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.

WordPress Core 5.6.2 XPath Injection

WordPress Core version 5.6.2 appears to suffer from an xpath injection vulnerability via the log parameter.

Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools associated with the latter, including its leaked source code. Not anymore.

Over 12,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums

A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 to 2023. "Hackers around the world infect computers opportunistically by promoting results for fake software or through YouTube

North Korean Hackers Suspected in New Wave of Malicious npm Packages

The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors. As many as nine

CVE-2023-40518: LiteSpeed Web Server Release Log

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.

CVE-2023-39827: Vulnerability/Tenda/A18/formAddMacfilterRule at main · lst-oss/Vulnerability

Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRule function.

CVE-2023-28483: GSQL FileOutputPolicy Does Not Apply To UDFs

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL queries that contain UDFs can bypass this configuration setting and, as a consequence, can write to any file location to which the administrative user has access.